Lucene search

[email protected]NVD:CVE-2015-7545

HistoryApr 13, 2016 - 3:59 p.m.

CVE-2015-7545

2016-04-1315:59:01

CWE-20

CWE-284

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.08 Low

EPSS

Percentile

94.3%

JSON

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.

Affected configurations

NVD

Node

git_projectgitRange≤2.3.9

git_projectgitMatch2.4.0

git_projectgitMatch2.4.1

git_projectgitMatch2.4.2

git_projectgitMatch2.4.3

git_projectgitMatch2.4.4

git_projectgitMatch2.4.5

git_projectgitMatch2.4.6

git_projectgitMatch2.4.7

git_projectgitMatch2.4.8

git_projectgitMatch2.4.9

git_projectgitMatch2.5.0

git_projectgitMatch2.5.1

git_projectgitMatch2.5.2

git_projectgitMatch2.5.3

git_projectgitMatch2.6.0

Node

redhatsoftware_collectionsMatch1.0

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.04

canonicalubuntu_linuxMatch15.10

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

References

lists.opensuse.org/opensuse-updates/2015-11/msg00066.html

rhn.redhat.com/errata/RHSA-2015-2515.html

www.debian.org/security/2016/dsa-3435

www.openwall.com/lists/oss-security/2015/12/08/5

www.openwall.com/lists/oss-security/2015/12/09/8

www.openwall.com/lists/oss-security/2015/12/11/7

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/78711

www.securitytracker.com/id/1034501

www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.533255

www.ubuntu.com/usn/USN-2835-1

bugzilla.redhat.com/show_bug.cgi?id=1269794

github.com/git/git/blob/master/Documentation/RelNotes/2.3.10.txt

github.com/git/git/blob/master/Documentation/RelNotes/2.4.10.txt

github.com/git/git/blob/master/Documentation/RelNotes/2.5.4.txt

github.com/git/git/blob/master/Documentation/RelNotes/2.6.1.txt

kernel.googlesource.com/pub/scm/git/git/+/33cfccbbf35a56e190b79bdec5c85457c952a021

lkml.org/lkml/2015/10/5/683

security.gentoo.org/glsa/201605-01

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.08 Low

EPSS

Percentile

94.3%

JSON

Related for NVD:CVE-2015-7545

redhat2 nessus12 openvas12 amazon1 ubuntucve1 ubuntu1 cvelist1 freebsd1 oraclelinux2 centos1 debian2 ibm1 veracode1 debiancve1 cve1 prion1 slackware1 hackerone1 archlinux2 mageia1 gentoo1 rosalinux1